Comparative analysis of identity management, access control, and authorization practices in public and private universities.

Open research Europe Pub Date : 2024-07-29 eCollection Date: 2024-01-01 DOI:10.12688/openreseurope.16634.2
Elissa Mollakuqe, Vesna Dimitrova
{"title":"Comparative analysis of identity management, access control, and authorization practices in public and private universities.","authors":"Elissa Mollakuqe, Vesna Dimitrova","doi":"10.12688/openreseurope.16634.2","DOIUrl":null,"url":null,"abstract":"<p><strong>Background: </strong>This research delves into the critical aspects of identity management, access control, and authorization practices within the domains of public and private universities. Identity management involves the meticulous management and control of user identities, encompassing the establishment and maintenance of user profiles, role assignments, and access privileges. Access control is the practice of defining and enforcing policies that govern who can access an IT system or application and which resources they can interact with. Authorization, meanwhile, determines the specific actions and privileges granted to users based on their roles and permissions.</p><p><strong>Methods: </strong>To understand the variances in identity management and access control approaches, we conducted a comparative analysis between public and private universities. Our investigation scrutinized the user populations with access to university systems, the enforcement of access limitations, authentication methods, and password policies. Additionally, we examined the nuances of authorization processes, levels of authorization, access approval authorities, user status and role changes, unique user account management, account deletion procedures, user authentication methods, password complexity and expiration policies, password storage methods, and session termination policies.</p><p><strong>Results: </strong>This study revealed that both public and private universities prioritize these security measures, with a common categorization of these processes. Nevertheless, there exist disparities, such as the inclusion of contractors and vendors in the user population at private universities, the manual deletion of user accounts in private institutions, and variations in password policies and storage methods. Private universities tend to enforce stricter password policies, employ more secure password storage methods, and implement automatic session termination features.</p><p><strong>Conclusions: </strong>This research provides valuable insights into the practices and approaches adopted by public and private universities to safeguard their digital environments. The findings serve as a valuable resource for enhancing identity management, access control, and authorization protocols, enabling institutions to fortify their cybersecurity defenses in an ever-evolving threat landscape.</p>","PeriodicalId":74359,"journal":{"name":"Open research Europe","volume":"4 ","pages":"23"},"PeriodicalIF":0.0000,"publicationDate":"2024-07-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.ncbi.nlm.nih.gov/pmc/articles/PMC11294802/pdf/","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Open research Europe","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.12688/openreseurope.16634.2","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"2024/1/1 0:00:00","PubModel":"eCollection","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Background: This research delves into the critical aspects of identity management, access control, and authorization practices within the domains of public and private universities. Identity management involves the meticulous management and control of user identities, encompassing the establishment and maintenance of user profiles, role assignments, and access privileges. Access control is the practice of defining and enforcing policies that govern who can access an IT system or application and which resources they can interact with. Authorization, meanwhile, determines the specific actions and privileges granted to users based on their roles and permissions.

Methods: To understand the variances in identity management and access control approaches, we conducted a comparative analysis between public and private universities. Our investigation scrutinized the user populations with access to university systems, the enforcement of access limitations, authentication methods, and password policies. Additionally, we examined the nuances of authorization processes, levels of authorization, access approval authorities, user status and role changes, unique user account management, account deletion procedures, user authentication methods, password complexity and expiration policies, password storage methods, and session termination policies.

Results: This study revealed that both public and private universities prioritize these security measures, with a common categorization of these processes. Nevertheless, there exist disparities, such as the inclusion of contractors and vendors in the user population at private universities, the manual deletion of user accounts in private institutions, and variations in password policies and storage methods. Private universities tend to enforce stricter password policies, employ more secure password storage methods, and implement automatic session termination features.

Conclusions: This research provides valuable insights into the practices and approaches adopted by public and private universities to safeguard their digital environments. The findings serve as a valuable resource for enhancing identity management, access control, and authorization protocols, enabling institutions to fortify their cybersecurity defenses in an ever-evolving threat landscape.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
公立和私立大学身份管理、访问控制和授权实践的比较分析。
研究背景本研究深入探讨了公立和私立大学领域内身份管理、访问控制和授权实践的关键方面。身份管理涉及对用户身份的细致管理和控制,包括建立和维护用户档案、角色分配和访问权限。访问控制是定义和执行政策的实践,这些政策管理谁可以访问 IT 系统或应用程序,以及他们可以与哪些资源交互。而授权则是根据用户的角色和权限,确定授予用户的具体操作和权限:为了了解身份管理和访问控制方法的差异,我们对公立大学和私立大学进行了比较分析。我们仔细研究了可访问大学系统的用户群、访问限制的执行情况、身份验证方法和密码政策。此外,我们还研究了授权流程的细微差别、授权级别、访问审批权限、用户状态和角色变更、唯一用户账户管理、账户删除程序、用户认证方法、密码复杂性和过期政策、密码存储方法以及会话终止政策:这项研究表明,公立大学和私立大学都优先考虑这些安全措施,并对这些程序进行了共同的分类。然而,也存在一些差异,如私立大学的用户群体中包括承包商和供应商,私立机构中用户账户的手动删除,以及密码政策和存储方法的不同。私立大学往往执行更严格的密码政策,采用更安全的密码存储方法,并实施自动会话终止功能:这项研究为了解公立和私立大学在保护其数字环境方面所采取的做法和方法提供了宝贵的见解。研究结果为加强身份管理、访问控制和授权协议提供了宝贵的资源,使各机构能够在不断变化的威胁环境中加强网络安全防御。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
CiteScore
1.50
自引率
0.00%
发文量
0
期刊最新文献
Co-designing ab initio electronic structure methods on a RISC-V vector architecture. Gestational Diabetes Mellitus: Unveiling Maternal Health Dynamics from Pregnancy Through Postpartum Perspectives. Antibiotics in honey: a comprehensive review on occurrence and analytical methodologies. Challenges to ethical public engagement in research funding: a perspective from practice. Environmental impacts of drugs against parasitic vector-borne diseases and the need to integrate sustainability into their development and use.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1